Why Chain Let's Encrypt Certificates ?

Let's Encrypt is a new CA (Certificate authority) thus it's signing certificate is
not installed very widely. This means that many machines do not know that it is to be trusted.

To cure this Let's Encrypt certificate is cross signed by IdenTrust
who's certifcate is widely trusted.

So: Let's Encrypt's IdenTrust signed certificate must be given to the connecting client (eg web browser) when
a Let's Encrypt signed certificate is given to the client. This is called certificate chaining.

Long term the Let's Encrypt certificate will become widely trusted in it own right.

How to Deliver Let's Encrypt chain certificate

Apache is easy, the directive SSLCertificateChainFile is used, see here.

Many other programs do not have a directive like SSLCertificateChainFile.
For these the chain certificate should be put after the Let's Encrypt signed certificate (ie your certificate) in the same file.

These scripts create such a file for you, it has -chained as part of the name.
Eg: SignedCertificates/phcl-chained.crt